On Mon, 7 Oct 2002, Crispin Cowan wrote:

> Anticipating predictable rebuttal :) aside from processor affinity, have
> we also closed all of the other trivial ways that a local user/process
> can DoS a machine into the ground by consuming gobs of resources? Fork
> bombing, consuming as much memory as possible, thrashing all levels of
> cache and disk, flooding network connections, etc. I'm not convinced
> that we even come close to preventing local DoS.

I'd agree that preventing a local DOS is not a goal of LSM. But the fact
that setaffinity/getaffinity can set and get an element of state of
another process means that you need to be able to control them to enforce
any kind of mandatory access control policy, whether MLS or TE or ...

--
Stephen D. Smalley, NAI Labs
ssmalleyat_private

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module